[PATCH] riscv: stacktrace: fix stack-out-of-bounds in walk_stackframe
Matthew Bystrin
dev.mbstr at gmail.com
Thu May 14 07:21:36 PDT 2026
Hi, Jiakai!
Thanks for your valid correction!
Jiakai Xu, May 14, 2026 at 13:07:
> -static inline int fp_is_valid(unsigned long fp, unsigned long sp)
> +static inline int fp_is_valid(unsigned long fp, unsigned long sp,
> + struct task_struct *task)
> {
> unsigned long low, high;
>
> + if (!task)
> + task = current;
> +
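Review bot: The `if (!task) task = current;` fallback at the top of fp_is_valid() is evaluated on every call, that is once per frame, although the task cannot change during a single walk; resolve it once at the start of walk_stackframe() (or require callers to pass a non-NULL task) and keep fp_is_valid() a pure bounds check on the values it is handed. The new parameter also deserves a one-line comment saying that it selects whose stack page the bounds are taken from.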
I would suggest moving this `if` into the walk_stackframe() function so that it is done only once, before the walking loop.
> low = sp + sizeof(struct stackframe);
> - high = ALIGN(sp, THREAD_SIZE);
> + high = (unsigned long)task_stack_page(task) + THREAD_SIZE;
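Review bot: With `high` now taken from task_stack_page(task) while `low` is still `sp + sizeof(struct stackframe)`, the two bounds only describe one region if sp actually lies on that task's stack; before this change both were derived from sp (via ALIGN(sp, THREAD_SIZE)) and so were consistent by construction. Add an explicit check that sp is within [task_stack_page(task), task_stack_page(task) + THREAD_SIZE) before the fp comparison, otherwise the range test is meaningless whenever sp is on some other stack. Since the stack page is known here, the upper bound can also be lowered to task_pt_regs(task) so that a saved fp pointing into the pt_regs area is rejected instead of dereferenced. (The removed expression also had the quirk that ALIGN() returns sp unchanged when sp is already THREAD_SIZE-aligned, making high == sp; the new form does not.)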
Also, after grepping for `task_stack_page`, I've noticed that the pt_regs structure is located at the end of the stack. Maybe it is a good idea to adjust the border even "lower", to check that sp does not point inside pt_regs? (see the task_pt_regs macro)
> return !(fp < low || fp > high || fp & 0x07);
> }
--
Best regards,
Matt
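To make the bounds discussed in this thread concrete, here is an added userspace model of the fp_is_valid()/walk_stackframe() logic. It is not code from the patch, the kernel tree, or either participant: it builds a fake THREAD_SIZE-aligned stack page with three saved {fp, ra} records and one corrupted saved fp that points into the pt_regs area, then compares the old ALIGN(sp, THREAD_SIZE) upper bound with one derived from task_stack_page()/task_pt_regs(). THREAD_SIZE, struct pt_regs, struct task and the helper names are stand-ins with assumed sizes, the NULL-task fallback is deliberately left to the caller as suggested above, and the page does not say which of these cases corresponds to the bug named in the subject.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

#define THREAD_SIZE 4096UL			/* assumed: one page per stack */
#define ALIGN(x, a) (((x) + (a) - 1) & ~((a) - 1))	/* kernel-style round-up */

struct stackframe { unsigned long fp; unsigned long ra; };	/* saved pair below fp */
struct pt_regs { unsigned long regs[36]; };	/* hypothetical size, sits at stack top */
struct task { unsigned char *stack; };		/* hypothetical: one aligned stack page */

static unsigned long task_stack_page(const struct task *t)
{
	return (unsigned long)t->stack;
}

/* Models task_pt_regs(): pt_regs occupies the top of the stack page. */
static unsigned long task_pt_regs(const struct task *t)
{
	return task_stack_page(t) + THREAD_SIZE - sizeof(struct pt_regs);
}

/* Check before the patch: the upper bound is derived from sp alone. */
static bool fp_is_valid_old(unsigned long fp, unsigned long sp)
{
	unsigned long low = sp + sizeof(struct stackframe);
	unsigned long high = ALIGN(sp, THREAD_SIZE);

	return !(fp < low || fp > high || fp & 0x07);
}

/* Check as discussed in the reply: upper bound from the task's stack page,
 * optionally pulled down to the start of pt_regs, plus a guard that sp is on
 * that stack so low and high describe the same region. The caller resolves
 * the task, so no `if (!task)` fallback lives here. */
static bool fp_is_valid_new(unsigned long fp, unsigned long sp,
			    const struct task *task, bool exclude_pt_regs)
{
	unsigned long base = task_stack_page(task);
	unsigned long low = sp + sizeof(struct stackframe);
	unsigned long high = exclude_pt_regs ? task_pt_regs(task) : base + THREAD_SIZE;

	if (sp < base || sp >= base + THREAD_SIZE)
		return false;
	return !(fp < low || fp > high || fp & 0x07);
}

/* Walk in the style of walk_stackframe(): validate fp, read the saved pair at
 * fp - 16, then sp moves up to fp and fp to the saved caller fp. */
static size_t walk(unsigned long fp, unsigned long sp, const struct task *task,
		   bool exclude_pt_regs, unsigned long *ra_out, size_t max)
{
	size_t n = 0;

	while (n < max && fp_is_valid_new(fp, sp, task, exclude_pt_regs)) {
		const struct stackframe *f =
			(const struct stackframe *)(fp - sizeof(struct stackframe));
		ra_out[n++] = f->ra;
		sp = fp;
		fp = f->fp;
	}
	return n;
}

/* Constructed stack: three genuine frames, then a corrupted saved fp pointing
 * into the pt_regs area. Returns how many frames the walker accepts
 * (3 with the pt_regs bound, 4 without), or (size_t)-1 if malloc fails. */
static size_t frames_found(bool exclude_pt_regs)
{
	struct task t;
	struct stackframe *r;
	unsigned char *buf = malloc(2 * THREAD_SIZE);
	unsigned long base, fp0, fp1, fp2, bad_fp, ra[8];
	size_t n;

	if (!buf)
		return (size_t)-1;
	memset(buf, 0, 2 * THREAD_SIZE);
	t.stack = (unsigned char *)ALIGN((unsigned long)buf, THREAD_SIZE);
	base = task_stack_page(&t);
	fp0 = base + 1088;		/* innermost frame; its sp is base + 1024 */
	fp1 = base + 1152;
	fp2 = base + 1216;
	bad_fp = task_pt_regs(&t) + 64;	/* 8-byte aligned, inside pt_regs */

	r = (struct stackframe *)(fp0 - sizeof(*r)); r->fp = fp1; r->ra = 0x1001;
	r = (struct stackframe *)(fp1 - sizeof(*r)); r->fp = fp2; r->ra = 0x1002;
	r = (struct stackframe *)(fp2 - sizeof(*r)); r->fp = bad_fp; r->ra = 0x1003;
	/* the pair at bad_fp - 16 is still zero, so the walk ends on fp == 0 */
	n = walk(fp0, base + 1024, &t, exclude_pt_regs, ra, 8);
	free(buf);
	return n;
}

/* sp on a region other than the task's stack: the old check cannot tell, the
 * new one rejects before comparing fp. Constructed addresses, never dereferenced. */
static bool foreign_sp_detected(void)
{
	struct task t = { .stack = (unsigned char *)0x10000UL };
	unsigned long sp = 0x20100UL, fp = sp + 64;

	return fp_is_valid_old(fp, sp) && !fp_is_valid_new(fp, sp, &t, false);
}
```

The two walks over the same constructed page differ only in the upper bound: with `high` stopped at task_pt_regs() the corrupted saved fp is rejected and three frames come back, while with `high` at the end of the page the walker reads a zeroed pair out of the pt_regs area and reports a fourth bogus frame before fp == 0 ends it.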
More information about the linux-riscv mailing list